May 6, 2009 Synergy of SW Architecture, Process, and Organization 1
The Design of Complex Software-Intensive Systems
A Quest for Intellectual Control
Alan R. Hevner – University of South Florida
Richard C. Linger – CERT Software Engineering Institute
Carnegie Mellon University
England: 11th Century
Norman conquerors conduct census to determine what they have won
Results never added up, despite the intent to produce a sum
Best minds were overwhelmed by the complexity of adding up so many Roman numerals!
If done in decimal arithmetic and place notation, any child could have performed the addition
Lesson: The right foundations
Transform the problem space
Sweep away complexities
Enable new human capabilities
21st Century World
Overwhelming network system complexities:
Systems-of-systems integration
Unknown boundaries and components
Compositions of stovepipe systems
Pervasive asynchronous operations
Survivability an urgent priority
Approach:
Mathematical semantics first, engineering practices later
Develop engineering foundations that address system realities
Limit complexity and improve survivability with practical engineering methods
Network System Complexities
Future Combat System:
• 100s of nodes and users
• Nodes and usage evolve
• Distributed platforms
• A system of systems
[Figure: Network Centric Force diagram with nodes labelled UAVs, Other Layered Sensors, Robotic Direct Fire, Robotic NLOS Fire, Robotic Sensors, Manned C2, and Mission C4I]
Complexity’s Burden
Development of large-scale network systems frequently exceeds our engineering capabilities
We experience difficulty defining the systems we have, and the systems we need
Intellectual control is lost when complexity exceeds human reasoning capabilities
Result is frustration and delay that impacts mission capability and survivability
Issues in Network Systems
Survivability improvement requires:
Knowing usage dependencies in all situations
Preparing for compromises in all situations
Defining system actions for every situation
Complexity reduction requires:
New approach for human intellectual control
Foundations based on deep simplicities
Practical engineering methods
Complexity and survivability are deeply related
Three Key Questions
In a world of large-scale, asynchronous network systems with dynamic function and structure …
What are the unifying engineering foundations for system analysis, specification, design, implementation, and verification?
How should quality attributes such as survivability, reliability, and performance be specified, managed, and achieved?
What architecture frameworks can simplify system development and operation?
Three Engineering Concepts
1. Flow Structures - User task flows and their architecture flows of service uses are engineering anchors for analysis, specification, and design of functionality and quality attributes
2. Computational Quality Attributes - Quality attributes can be specified as dynamic functional properties to be computed, not as static, a priori predictions
3. Dynamic Flow Management - User task flow designs support architecture templates that manage flows and their quality attributes in execution
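An added illustration (not the authors' code) of the second and third concepts: a quality attribute requirement is attached to a flow, services report their attributes as observed in execution, and the flow manager computes the match at run time and chooses a route accordingly. The Requirement and Observation types, the latency/availability composition rules, and the gas purchase sample values are assumptions made for the example.

```python
from dataclasses import dataclass

# Constructed model of computational quality attributes (not the authors' code):
# services report attributes as observed in execution, and the flow's attribute
# match is computed from those reports rather than predicted at design time.

@dataclass(frozen=True)
class Requirement:         # quality attribute requirement attached to a flow
    max_latency_ms: float
    min_availability: float

@dataclass(frozen=True)
class Observation:         # what a service reports about itself right now
    service: str
    latency_ms: float
    availability: float

def flow_attributes(route):
    """Compose service attributes along a sequential route: latencies add,
    availabilities multiply (assumes independent service failures)."""
    latency = sum(o.latency_ms for o in route)
    availability = 1.0
    for o in route:
        availability *= o.availability
    return latency, availability

def attribute_match(req, route):
    """Dynamic match: (satisfied, shortfalls) computed from current observations."""
    latency, availability = flow_attributes(route)
    shortfalls = []
    if latency > req.max_latency_ms:
        shortfalls.append(f"latency {latency:.0f}ms > {req.max_latency_ms:.0f}ms")
    if availability < req.min_availability:
        shortfalls.append(f"availability {availability:.3f} < {req.min_availability}")
    return not shortfalls, shortfalls

def select_route(req, candidates):
    """Flow manager step: first candidate route that satisfies the requirement
    now, or None if none does (the flow must define an action for that case)."""
    for route in candidates:
        if attribute_match(req, route)[0]:
            return route
    return None

# Constructed sample: two candidate routes for the credit authorization leg.
GAS_REQ = Requirement(max_latency_ms=2000, min_availability=0.95)
LAND = [Observation("land_telecom", 300, 0.99), Observation("credit_database", 400, 0.98)]
SAT = [Observation("satellite_telecom", 1800, 0.97), Observation("credit_database", 400, 0.98)]
```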
Foundations: First-Class Artifacts
Flows: Define mission, user functions and quality attributes; refine into service uses
Services: Provide functionality and quality attributes; refine into flows
Quality Attributes: Attribute requirements attached to flows; service attribute matches computed dynamically
Foundations: Theorems
Structure Theorem: Guarantees sufficiency of flow structure primitives
Abstraction/Refinement Theorem: Guarantees correctness of mathematical semantics
Verification Theorem: Defines conditions for ensuring flow correctness
Implementation Theorem: Defines conditions to express a function as a flow
System Testing Theorem: Shows how to derive usage from flows for testing
Flow Structure Concepts
Enterprise mission is embodied in user task flows of operations and decisions in system usage
Architecture flow refinements of user task flows define uses of system services that provide function and quality attributes
[Figure: Enterprise mission refines into user task flows, which refine into architecture flows of service uses; layers labelled Enterprise, Users, Systems]
Flows traverse a network architecture to satisfy mission requirements
[Figure: Gas purchase flow traversing customer, gas pump, land telecom, satellite telecom, credit card company, and credit database, drawn as system 1 through system 5]
Flow Structure Semantics
Service invocations in Flow Structures are specified by service response (R*) semantics
Semantics are response-based, not intention-based – a natural fit with COTS and components
Service invocations are composed with post-fix predicates on equivalence classes over all possible responses
Logic of a flow accounts for all possible circumstances of use; each flow is a self-contained and complete entity
R* semantics permit deterministic flow abstraction, refinement, and verification for human understanding, even though services are engaged in simultaneous asynchronous uses
Transitive Dependencies in Flows
[Figure: Network Centric Force diagram linking UAV and Robotic Direct Fire nodes to nested flows. Primary Flow: Mission Control; Sensor Data Flow; Fire Control Flow; Target Attack Flow. Steps shown include store sensor data, compute target data, fire on target, the sub-flow invocations run check sensor flow, run sensor data flow, run fire control flow, run check target flow, and decision points OK?, resp?, valid?, range? with y/n branches]
Transitivity analysis reveals precise dependencies from mission down to code, and defines impact of changes
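An added example (not the authors' code) of the two ideas on the Flow Structure Semantics and Transitive Dependencies slides: flows are built from service uses and sub-flow invocations, each service use carries its R* response classes and the classes the flow's post-fix predicates handle, and a transitivity pass derives which services a mission flow depends on and which flows a service change impacts. The ServiceUse/Flow types, the gas purchase flows, and their response classes are constructed assumptions for this illustration.

```python
from dataclasses import dataclass
# Constructed model of FSQ flow structures (not the authors' code): a flow is a
# sequence of steps, each either a service use or the name of a sub-flow to run.
@dataclass(frozen=True)
class ServiceUse:
    service: str
    responses: frozenset   # equivalence classes over all possible responses (R*)
    handled: frozenset     # classes the flow's post-fix predicates actually cover
@dataclass(frozen=True)
class Flow:
    name: str
    steps: tuple           # ServiceUse instances and sub-flow names, in order
# Constructed flows modelled on the deck's gas purchase example.
NET = frozenset({"ok", "declined", "timeout"})
PUMP = frozenset({"ok", "fault"})
FLOWS = {
    "gas_purchase": Flow("gas_purchase", (
        ServiceUse("gas_pump", PUMP, PUMP), "authorize_card",
        ServiceUse("gas_pump", PUMP, PUMP))),
    "authorize_card": Flow("authorize_card", (
        ServiceUse("land_telecom", NET, NET), "check_credit")),
    "check_credit": Flow("check_credit", (
        ServiceUse("satellite_telecom", NET, NET),
        # 'timeout' deliberately left unhandled so the completeness check finds it
        ServiceUse("credit_database", NET, frozenset({"ok", "declined"})))),
}

def transitive_services(flows, root, seen=None):
    """Every service the flow uses directly or through sub-flows (transitivity)."""
    seen = set() if seen is None else seen
    if root in seen:                 # guard against recursive flow definitions
        return set()
    seen.add(root)
    deps = set()
    for step in flows[root].steps:
        if isinstance(step, ServiceUse):
            deps.add(step.service)
        else:
            deps |= transitive_services(flows, step, seen)
    return deps

def impacted_flows(flows, service):
    """Impact of change: flows whose behaviour depends on `service`, sorted by name."""
    return sorted(f for f in flows if service in transitive_services(flows, f))

def unhandled_responses(flows):
    """R* completeness: every response class of every service use must be covered."""
    return [(f.name, s.service, sorted(s.responses - s.handled))
            for f in flows.values() for s in f.steps
            if isinstance(s, ServiceUse) and s.responses - s.handled]
```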
[Figure: Network Centric Force diagram as on the Network System Complexities slide]
FlowSets can manage complexity in the Future Combat System:
Structure functions and quality attribute specifications with dynamic service function and quality, to control flow execution and satisfy quality specifications
FSQ Complexity Reduction
Flows unify, enable human reasoning in network systems
Same structures for acquisition, development, operation
Flows are expressed in a few simple structures
Flows are simply abstracted, refined, and verified
Flows seamlessly refine missions into architecture services
Flows are scale-free and recursive
Flows specify all required behavior and quality attributes
Flow transitivity reveals dependencies, impact of changes
Flows define logical topology and service specifications
Flows as built can be verified against flows as specified
FSQ architecture templates unify flow management
Flows prescribe system testing requirements
FSQ Survivability Analysis
Flows extracted from existing systems reveal mission survivability dependencies on essential services
Transitivity analysis of extracted flows reveals cascade service dependencies that impact survivability
Intrusion flows reveal compromisible services
Flows require definition of, and actions in, all possible circumstances of use for survivability
Flow dependencies focus survivability improvements
FSQ Observations
FSQ supports complexity reduction and survivability improvement in development and operation of large-scale network systems composed of any mix of newly developed and COTS/ESP components.
FSQ provides systematic, scale-free semantic structures for requirements, specification, design, verification, implementation, and maintenance.
FSQ supports seamless decomposition from user flows, services, and quality attribute requirements to flow structures, services, and quality attribute implementations, with intrinsic traceability.
User flows of services and quality attributes permit system development in terms of user views of services, as opposed to strictly functional decomposition or object-based composition.
Flow structures are deterministic for human understanding and analysis, despite the uncertainties of complex, network-centric behaviors, thus enabling compositional methods of refinement, abstraction, and verification.
Flow structures reflect the realities of network-centric systems in dealing with the uncertainty factors, to support enterprise risk management and system survivability.
FSQ Observations
Flow structures support the definition of attack and intrusion flows for assessing system vulnerabilities and compromises, as a basis for security and survivability improvements.
Computational quality attributes reflect the realities of network-centric systems, in assessing and reconciling quality requirements and capabilities as an intrinsically dynamic process.
Computational quality attributes provide a scale-free, computational use-centric (rather than system-centric) view of quality.
Flow management architectures provide systematic and uniform methods for managing user flow instantiation and quality attribute satisfaction in execution.
Foundations of flow structures can stimulate research on representation and analysis of flows at the requirements level within enterprises, and at the implementation level within system architectures.
Foundations of Computational Quality Attributes can stimulate research in modeling and dynamic evaluation of important quality attributes and metrics.
FSQ Research Directions
Complete Theory Development: Flow Structure Semantics, Computational Quality Attributes, Flow Management Architectures
Exploratory Case Studies: Engineering Practices, Industrial Collaborators/Customers, Automation Opportunities